<?php

/**
 * Description of password
 * 
 * @author 叶风
 * Qq:    355007778
 * Email: ye.fn@163.com
 */

namespace c\user;
\lang::load('user');
class password extends \control
{
    /**
     * 修改密码
     */
    function index_edit()
    {     
		\YF_f::initC('\c\auth\permission')->login();  
        if ($_GET['act']=='s')
         {
            $d = $_POST['u'];
            $uid = \YF_f::$login_user_id;
            $UG = \YF_f::initC('\c\user\g');
			
            //che
            $r = $this->db->getOne('user', '*', 'id='.$uid);
            if (!$UG->password_ver($d['old'], $r['password']))
                $this->clue(\lang::g('auth fail'));
				
            //up
			if (!$d['new'])
                $this->clue(\lang::g ('Over'));
            $pass = $UG->password_ed($d['new']);
            $this->db->save('user', array('password'=>$pass), 'id='. $uid);
			
            //记录历史密码
            \log::write('edit_password', $d['old']);
            
            $this->clue(\lang::g('OK'), '?u=cuser\my', 1);
         }
    	$this->loadTemplate('user/password/edit');
        $this->dispLayout = 'user';
    }
	//找回密码
	function index_re()
	{
        if (isset($_POST['name']))
            $this->reset();
        elseif (isset($_GET['q']))
         {
            $q = \encrypt::q_de($_GET['q']);
			parse_str($q, $data);
         }

        $this->loadTemplate('user/password/reset', array('d'=>$data));
	}
	// 发送邮件认证码
    function index_se()
    {
        $_n = $this->db->escape($_GET['n']);
        $r = $this->db->getOne('user', 'id, email', "(name='$_n' or email='$_n' or phone='$_n')");
        if (!$r['email'])
            ajax_json(\lang::g('not set email'));
        
        $tempC = \YF_f::initC('\c\temp\db');
        $mark = 'pass-reset-'.$r['id'];
        $a = $tempC->findRow($mark);
        if ($a && UNIX_TIME - $a['create_time']<60)
            ajax_json(TRUE);
        
        //mail
        $No = randomkeys(6);
        $url = ROOT_URL .'?u=cuser\password-fre&q='. \encrypt::q_ed("v=$No&n=". urldecode($_GET['n']));
        $b = \YF_f::initC('mail')->send($r['email'], \lang::g('mail_t_reset_password'), sprintf(\lang::g('mail_c_reset_password %s'), $No, $url, $url));
        if ($b)
            ajax_json(\lang::g($b));
        
        $tempC->save($mark, $No);
        ajax_json(TRUE);
    }
    protected function reset()
    {
        $d = $_POST;
        $_n = $this->db->escape($d['name']);
        $r = $this->db->getOne('user', 'id', "(name='$_n' or email='$_n' or phone='$_n')");
        
        $mark = 'pass-reset-'.$r['id'];
        $Ctem = \YF_f::initC('\c\temp\db');
        $a = $Ctem->findRow($mark);
        if (!$a or  UNIX_TIME - $a['create_time']>3600*48)
            $this->clue(\lang::g('Verification code has expired.'));
        if ($d['ver']!=$a['val'])
            $this->clue(\lang::g('Verification code error.'));
            
        //up
        $pass = \YF_f::initC('\c\user\g')->password_ed($d['password']);
        $this->db->save('user', array('password'=>$pass), 'id='. $r['id']);
        \log::write('reset_password');
        $Ctem->del($mark);
        $this->clue(\lang::g('OK'), '?u=cuser\login');
    }
}
